Information Sheet 3.1-3 


Active Directory Objects (OU, Users and Groups) 


LEARNING OBJECTIVES: 

After reading this INFORMATION SHEET, STUDENT(S) MUST be able to: 


• Understand what are differences between OU, Users and Groups. 

• Create organizational unit and groups in active directory users and computers 

• Create users accounts 

a) In active directory users and groups 

b) Using dsadd command line option 

c) Using batch script 

• Create a bulk of user’s accounts using a batch script. 


Introduction 


Active directory (AD) is not going to work solely without its objects, Objects are 
everything live under AD. As stated in (Information sheet: Active Directory) objects are 
the following, Users and groups, services (i.e. Emails), resources such printers, shared 
folders. 
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What is an OU? 


An organization Unit is a container that holds AD Object like User Accounts, 
Computer Accounts, and Groups. 



ORGANIZATIONAL 

UNIT 


□nn 

Computer Computer 

Account Group 




User Group 


OUs help to keep your objects organized, but also are used to control what your Users 
can and can’t do (among the other things) 

Well start off building a few OUs so our Users and Computer Accounts will have a 
place to live. 

You can organize OUs: 

• Geographically 

• By function (Departments, etc.) 

• But remember to KISS as much as you’re able to! Keep it Simple, Sysadmin. 


CSS 


CBLMs on Computer 


Document No. 

System Servicing NC II 

Setup Server 

Developed by ^ 

Version 1.1.2019 

Page 

2 



Revision #01 














CSSComputers (Child OU) 


Creating an Organizational Unit (OU) 

Creating an Organizational Unit 

1. Start by opening up your Server Manager, then expand the Roles section. 
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Computer accounts 


• Allow AD to keep track and control the computers in your network. A computer 
without an Account in AD can’t access the network -it’s security measure. 

• It resides in OU’s which allow you to install software to all machines in OU at 
once. 

• When you are going to join a computer in your domain (you’ll need Admin level 
credentials) 

• A computer account is automatically created in AD. 

OU vs Groups 

OU’s keep your object organized and are used to control what users and computers 
can and can’t do. 

Groups are active directory objects that allow you to provide and deny access to 
resources like printer folder en masse. Groups are residing in organizational unit. 
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CREATING ORGANIZATIONAL UNIT 


1. Open server manager 
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2. Expand the Active Directory Domain Services (click the + sign ) section > 
click on Active Directory Users and Computers. 



«^|[W a S IP’S* 

3. At this point you should be able to see your domain. In our example we are 
using the itsmeismael domain. Go ahead and expand your domain (click the + 
sign). 
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4. Now we need to create an Organizational Unit for a group to live in. In this 
example we are going to create an OU for our CSS Students. To create a new 
Organization Unit, right-click on your domain name, point to the New option 
and then select Organizational Unit. 
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5. Type the name of your OU and make sure that the box is checked next 

to Protect container from accidental deletion. When done, click OK. 




File Action View Help 
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6. We now have a new Organizational Unit in our Active Directory called CSS 

Students. 
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CREATING A NEW GROUP 


1. After creating an Organizational Unit in your Active Directory, you are ready 
to create your first group. Go ahead and select your OU and then right-click in 
the blank area. Next, point to New and then select Group. 
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3. The next step is to name your Group, select the group scope and then select 
the group type. 


In this example we are going to name our group CSS User. We are also going to 
leave the default selections for group scope is Global, and group type is 


Security > click OK. 
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4. Our new group has been created! 


File Action View Help 
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USER ACCOUNTS 


• it allow users to access network resources. 


Creating account using server manager 

1. Open Server Manager open Roles click Open Active Directory Users and 
expand the domain name (itsmeismael.com). Select the Organization Unit 

(CS Students) where you want to create the new user account. 
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2. In the empty area, right-click select New and click User. You can also right- 
click the OU and click New and select User to create new user account. 
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3. 


New Object dialog box will open as shown below. You can fill in the user 
information like first name, lastname etc. As you can see below, there are two 
user logon names. The first User logon name also called User Principal Name 
(UPN) superUser@itsmeismael.com which is email like name that can be used 
to login to domain joined computers. Second user logon name (pre-Windows 
2000) also called SamAccountName can also be used by user to login to 
domain-joined computers in the form itsmeismael\superUser. After entering 
the user details, click Next. 
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4. Enter password for the user. You can choose various options as shown below. 
Once you are done, click Next. 
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Create in: itsmeismad com/CSS Students 


Confirm password: 


►•I 


W User must change password at next logon 
V User cannot change password 
I - Password never expires 
I" Account is disabled 


< Back | Next > | Cancel 
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5. View the summary then click Finish. 
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CREATE ACCOUNTS USING COMMAND LINE 


You can also add users by using DSADD command line option. IT allows you create 
users using command prompt. 

DSADD is a command-line option that will allow you to create users with commands. 

Syntax: 

dsadd user "cn=Username,ou=OUName, dc=YOurndomain, dc=yoursuffix" 

Example 

dsadd user "itsmeuser, ou=CSSStudents, dc=css, dc=com" 


If you are going to add users’ complete name use the following syntax. 

dsadd user "itsmeuser, ou=CSSStudents, dc=css, dc=com " -fn Ismael -In 
Balana -pwd css_2016 -mustpwd no 


If you want fast and easy creation of users just use the following codes, but this time 
you need type the codes using Notepad or any equivalent text editor. 

1. Open notepad or notepad++ > then type an example shown below 

Syntax: 

dsadd user "cn=%l, ou=OUName, dc=YourDomain, dc=YourSuffix" -fn%2 - 
ln%3 -pwd Password -mustchpwd yes 

Example: 

dsadd user "cn=%l, ou=CSSUsers, dc=itsmeismael, dc=com" -fn%2 -ln%3 - 
pwd css_2016 -mustchpwd yes 


2. Save it as “addUsername.bat” in accessible directory. 

3. Open command line, navigate to the directory where the script resides and type: 

Syntax 

addOUName username firstname lastname 
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Example: 

addCSSUsers itsmeismael Ismael Balana 

4. Open server manager OU and check the result 


Moving users into a Group 

1. In order to move existing accounts into a group, you need to hold down the Control 
key and click the user or computer accounts that you want to move into that group. 
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2. Then you need to right-click on any one of those accounts and select Add to a 

group. 
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3. Next, Type the group name and let the machine find it. 

In our example, I will type CSS Users and then click on the Check names button. 
Once the name is verified and group name is found, the text will be underlined and 
you can click the OK button to continue. 



CSS 


CBLMs on Computer 
System Servicing NC II 


Developed by 


Document No. 

Version 1.1.2019 

Page 

20 

Revision #01 






























File Action View Help 

+ l 3 Hi I J x]3m qW 


^ Server Manager (SERVER) 

B §> Roles 

Si Active Directory Domain Services 

B [2 Active Directory Users and Computers [: 
B Jpj itsmeismael.com 
El 13 Builtin 
El 13 Computers 
B 3 CSS Students 


Students 6 objects [Filter Activated] 


Name | Type 

$*, CSS Users Security Group - Global 

& Cart Jacob B.. Angeles User 

* Flocerfida M. Balana User 

* Garry M. Balana User 

* Ismael M. Balana 



El 3 Users 

El gif Active Directory Sites and Services 
El J, DNS Server 
B gl Features 
El |i Diagnostics 
El jlfjj Configuration 
El Storage 


I Descri f 


CSS 


CBLMs on Computer 


Document No. 

System Servicing NC II 

Setup Server 

Developed by ^ 

Version 1.1.2019 

Page 

21 



Revision #01 


























TASK SHEET 3.1-3 


Title: Install active directory 

Performance Objective: Given are the following materials, you should be 
able to install active directory. Allotted time 30 minutes. 

Supplies/Materials 

Equipment : Computer with Windows Server 2008 R2 


Prerequisites: Installed and configured active directory 

Steps/Procedure: 

1. Read information sheet 3.1-3 Installing active directory 

2. Create an Organizational Unit 
Where: 

Name of Organizational Unit(s) = CSS Students 

3. Create two domain users 
Where: 

Name of first user =Yourfull name, Logon username = WirelessClient 
Name of second user = Your full name, Logon username = Wired Client 
Set the password as _admin@123 for both users 

4. Create a group 
Where: 

Group name = CSS Group 

Add your newly created domain users inside the group 


Assessment Method: 

Demonstration, Observation 
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Performance Criteria Checklist 3.1-3 


Trainee's Name:_Date: 


During the performance of the task, did you consider the following criteria? 


CRITERIA 

YES 

Grade Point 

Equivalent 

Highest Possible 

Score = 5 

Lowest Possible 

score = 0 

NO 

Did the trainee... 




1. Created an organizational unit 
according to the specific given 
task? 




2. Created two domain users 
according to job requirements? 




3. Set up the group for domain 
users according to specific 
instruction? 




4. Performed and followed 

completely the given tasks? 




5. Observed and performed 5S and 
occupational health and safety? 





Feedback 


Total Points 


Total Items 
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Signature of the Trainee/Learner 


Signature of the Trainer 

Ismael Manic Balana 


Grade Point Equivalent 

The table shows the equivalent points that are used and show how they are calculated to 
determine the grade point average (GPA), or index. 

The highest equivalent points that trainer can give is 5 points per criterion and the lowest is 0. If 
the trainee/learner accumulate scores with below two (2) grade point equivalent, she/he needs to 
retake the whole given task. 


Grade Point 
Equivalent 

Explanation 

5 

Excellent 

4 

Very Good 

3 

Good 

2 

Average 

1 

Poor 

0 

Failure 
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TERMS AND DEFINITIONS 


OU or organization unit is a container that holds AD object like user accounts, 
computer accounts, and groups. 

Groups are active directory objects that allow you to provide and deny access to 
resources like printer folder en masse, groups are residing in organizational 
unit. 

DSADD is a command-line option that will allow you to create users with 
commands. 
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